The Internet has become increasingly popular in recent years and along with it, so has on-line Internet shopping. To accommodate demand for on-line shopping, many merchants have implemented Internet web servers with web pages for selling items. The web pages often describe the item and item price. With such web pages, a customer can browse to a merchant web page, view an item description and price, and select to order an item. The merchant web page may also include a field for entry of a credit card account number to be used for payment. The customer may enter their credit card account number and send it along with a purchase order to the merchant server (i.e., in a message).
Because the message is sent over the Internet, many systems implement encryption to provide for security of the credit card account number. That is, typically the credit card account number and purchase order are encrypted by the customer computer before being sent to the merchant server. The merchant server receives the encrypted message and decrypts the message to determine the purchase order and the credit card account number. After processing the purchase order to determine an invoice amount, the merchant server encrypts the credit card account number and the invoice amount and sends that encrypted message to a credit card server.
As can be seen, the merchant server has access to the unencrypted credit card account number of the customer. This can be disadvantageous for several reasons. For example, the merchant server may contain many credit card account numbers and therefore, may be ripe for attack by hackers. Further, once a merchant receives a credit card account number and a purchase order, an unscrupulous merchant may send a larger invoice amount than was agreed to by the customer. Moreover, an unscrupulous merchant may send an invoice amount to the credit card server for a purchase that was never made by the customer. That is, because the credit card server receives the message from the merchant server without any certification from the customer computer, the credit card server cannot verify that the purchase was actually made by the customer.
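The two flows above, as an added illustration that is not part of this document and does not describe the claimed method: the first function models the described arrangement, in which the merchant decrypts the whole message and so holds the card number; the remaining functions model one way of avoiding it, in which the customer places the card number and the agreed amount in an inner envelope only the card server can open and binds them with a customer authorization code, so the merchant forwards the envelope without being able to read it and cannot inflate the invoice or fabricate a purchase. All key material, the shared-key model (in practice the inner envelope would use the card server's public key), the message layout, and the card number are constructed assumptions, and the cipher is a hash-based stand-in for a real authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import json
import secrets

# ---- toy authenticated encryption (stand-in for AES-GCM; NOT for production use) ----
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode, used only so this example runs with the standard library."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> dict:
    nonce = secrets.token_bytes(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()   # integrity tag over nonce + ciphertext
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}

def decrypt(key: bytes, blob: dict) -> bytes:
    nonce, ct, tag = (bytes.fromhex(blob[k]) for k in ("nonce", "ct", "tag"))
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered message")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

# ---- constructed keys (assumption: each pair of parties shares a key established out of band) ----
MERCHANT_KEY = hashlib.sha256(b"customer<->merchant key (constructed)").digest()
CARD_SERVER_KEY = hashlib.sha256(b"customer<->card-server key (constructed)").digest()
CUSTOMER_AUTH_KEY = hashlib.sha256(b"customer authorization secret, known to card server (constructed)").digest()

def _authorization(payment: dict) -> str:
    """Customer's MAC over card number, amount and order id, checkable only by the card server."""
    return hmac.new(CUSTOMER_AUTH_KEY, json.dumps(payment, sort_keys=True).encode(), hashlib.sha256).hexdigest()

# ---- flow as described in the text: merchant decrypts everything ----
def flow_as_described(order: dict, card_number: str) -> dict:
    msg = encrypt(MERCHANT_KEY, json.dumps({"order": order, "card": card_number}).encode())
    merchant_view = json.loads(decrypt(MERCHANT_KEY, msg))
    # the merchant now holds the plaintext card number and chooses the invoice amount itself
    return {"merchant_sees_card": "card" in merchant_view, "merchant_view": merchant_view}

# ---- layered flow: card number and agreed amount sealed for the card server only ----
def customer_build_message(order: dict, card_number: str, agreed_amount: int) -> dict:
    payment = {"card": card_number, "amount": agreed_amount, "order_id": order["id"]}
    inner = encrypt(CARD_SERVER_KEY, json.dumps({"payment": payment, "auth": _authorization(payment)}).encode())
    return encrypt(MERCHANT_KEY, json.dumps({"order": order, "payment_envelope": inner}).encode())

def merchant_process(outer: dict, invoice_amount: int) -> tuple:
    body = json.loads(decrypt(MERCHANT_KEY, outer))
    merchant_view = {"order": body["order"], "sees_card": False}
    # the merchant forwards the opaque envelope together with the amount it wants to charge
    forwarded = {"invoice_amount": invoice_amount, "payment_envelope": body["payment_envelope"]}
    return merchant_view, forwarded

def merchant_can_open_envelope(envelope: dict) -> bool:
    try:
        decrypt(MERCHANT_KEY, envelope)
        return True
    except ValueError:
        return False

def card_server_process(forwarded: dict) -> dict:
    inner = json.loads(decrypt(CARD_SERVER_KEY, forwarded["payment_envelope"]))
    payment = inner["payment"]
    # fabricated purchase: no valid customer authorization
    if not hmac.compare_digest(_authorization(payment), inner["auth"]):
        return {"approved": False, "reason": "customer authorization invalid"}
    # inflated invoice: merchant's amount differs from the amount the customer authorized
    if forwarded["invoice_amount"] != payment["amount"]:
        return {"approved": False, "reason": "invoice does not match customer-authorized amount"}
    return {"approved": True, "charged": payment["amount"]}

if __name__ == "__main__":
    order = {"id": "order-1", "amount": 25}           # constructed sample order
    card = "4111111111111111"                         # constructed sample card number
    print("described flow, merchant sees card:", flow_as_described(order, card)["merchant_sees_card"])
    outer = customer_build_message(order, card, 25)
    view, fwd = merchant_process(outer, 25)
    print("layered flow, merchant sees card:", view["sees_card"], "->", card_server_process(fwd))
    _, inflated = merchant_process(outer, 99)
    print("inflated invoice ->", card_server_process(inflated))
```

The card server approves only when the envelope decrypts under its key, the customer's authorization code verifies, and the merchant's invoice equals the amount the customer sealed inside; the merchant never sees the card number and cannot produce a valid authorization on its own.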
In view of the foregoing, there is a need for an encryption system and method that does not provide unencrypted credit card account numbers to a merchant server.